Begin implementation of new daemon authentication scheme

Dane Everitt 2017-09-23 20:45:25 -05:00
parent 8722571037
commit 906a699ee2
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
23 changed files with 796 additions and 145 deletions

103
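--- a/app/Models/DaemonKey.php
+++ b/app/Models/DaemonKey.php
@@ -0,0 +1,103 @@
+<?php
+/*
+* Pterodactyl - Panel
+* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
+*
+* Permission is hereby granted, free of charge, to any person obtaining a copy
+* of this software and associated documentation files (the "Software"), to deal
+* in the Software without restriction, including without limitation the rights
+* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+* copies of the Software, and to permit persons to whom the Software is
+* furnished to do so, subject to the following conditions:
+*
+* The above copyright notice and this permission notice shall be included in all
+* copies or substantial portions of the Software.
+*
+* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+* SOFTWARE.
+*/
+namespace Pterodactyl\Models;
+use Sofa\Eloquence\Eloquence;
+use Sofa\Eloquence\Validable;
+use Illuminate\Database\Eloquent\Model;
+use Sofa\Eloquence\Contracts\CleansAttributes;
+use Sofa\Eloquence\Contracts\Validable as ValidableContract;
+class DaemonKey extends Model implements CleansAttributes, ValidableContract
+{
+use Eloquence, Validable;
+/**
+* @var string
+*/
+protected $table = 'daemon_keys';
+/**
+* @var array
+*/
+protected $casts = [
+'user_id' => 'integer',
+'server_id' => 'integer',
+];
+/**
+* @var array
+*/
+protected $dates = [
+self::CREATED_AT,
+self::UPDATED_AT,
+'expires_at',
+];
+/**
+* @var array
+*/
+protected $fillable = ['user_id', 'server_id', 'secret', 'expires_at'];
+/**
+* @var array
+*/
+protected static $applicationRules = [
+'user_id' => 'required',
+'server_id' => 'required',
+'secret' => 'required',
+'expires_at' => 'required',
+];
+/**
+* @var array
+*/
+protected static $dataIntegrityRules = [
+'user_id' => 'numeric|exists:users,id',
+'server_id' => 'numeric|exists:servers,id',
+'secret' => 'string|min:20',
+'expires_at' => 'date',
+];
+/**
+* Return the server relation.
+*
+* @return \Illuminate\Database\Eloquent\Relations\BelongsTo
+*/
+public function server()
+{
+return $this->belongsTo(Server::class);
+}
+/**
+* Return the user relation.
+*
+* @return \Illuminate\Database\Eloquent\Relations\BelongsTo
+*/
+public function user()
+{
+return $this->belongsTo(User::class);
+}
+}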
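Review bot: `DaemonKey` declares `$casts`, `$dates` and `$fillable` but no `$hidden`, so the `secret` column is emitted whenever an instance is serialised with `toArray()` or `toJson()`, including when it is loaded through a relation on another model. The same commit drops `daemonSecret` from `$hidden` on `Server` and `Subuser`, so the protection those models had is not carried over to the model that now holds the token. I would add `protected $hidden = ['secret'];` next to `$fillable`. Separately, `secret` and `expires_at` being mass-assignable is only safe if every caller builds the attribute array itself rather than from request input; that cannot be confirmed from this file.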


@ -24,21 +24,18 @@
namespace Pterodactyl\Models;
use Auth;
use Cache;
use Carbon;
use Schema;
use Javascript;
use Sofa\Eloquence\Eloquence;
use Sofa\Eloquence\Validable;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Notifications\Notifiable;
use Znck\Eloquent\Traits\BelongsToThrough;
use Sofa\Eloquence\Contracts\CleansAttributes;
use Sofa\Eloquence\Contracts\Validable as ValidableContract;
class Server extends Model implements CleansAttributes, ValidableContract
{
use Eloquence, Notifiable, Validable;
use BelongsToThrough, Eloquence, Notifiable, Validable;
/**
* The table associated with the model.
@ -52,7 +49,7 @@ class Server extends Model implements CleansAttributes, ValidableContract
*
* @var array
*/
protected $hidden = ['daemonSecret', 'sftp_password'];
protected $hidden = ['sftp_password'];
/**
* The attributes that should be mutated to dates.
@ -152,109 +149,6 @@ class Server extends Model implements CleansAttributes, ValidableContract
'node.name' => 2,
];
/**
* Returns a single server specified by UUID.
* DO NOT USE THIS TO MODIFY SERVER DETAILS OR SAVE THOSE DETAILS.
* YOU WILL OVERWRITE THE SECRET KEY AND BREAK THINGS.
*
* @param string $uuid
* @param array $with
* @param array $withCount
* @return \Pterodactyl\Models\Server
* @throws \Exception
* @todo Remove $with and $withCount due to cache issues, they aren't used anyways.
*/
public static function byUuid($uuid, array $with = [], array $withCount = [])
{
if (! Auth::check()) {
throw new \Exception('You must call Server:byUuid as an authenticated user.');
}
// Results are cached because we call this functions a few times on page load.
$result = Cache::tags(['Model:Server', 'Model:Server:byUuid:' . $uuid])->remember('Model:Server:byUuid:' . $uuid . Auth::user()->uuid, Carbon::now()->addMinutes(15), function () use ($uuid) {
$query = self::with('service', 'node')->where(function ($q) use ($uuid) {
$q->where('uuidShort', $uuid)->orWhere('uuid', $uuid);
});
if (! Auth::user()->isRootAdmin()) {
$query->whereIn('id', Auth::user()->serverAccessArray());
}
return $query->first();
});
if (! is_null($result)) {
$result->daemonSecret = Auth::user()->daemonToken($result);
}
return $result;
}
/**
* Returns non-administrative headers for accessing a server on the daemon.
*
* @param Pterodactyl\Models\User|null $user
* @return array
*/
public function guzzleHeaders(User $user = null)
{
// If no specific user is passed, see if we can find an active
// auth session to pull data from.
if (is_null($user) && Auth::check()) {
$user = Auth::user();
}
return [
'X-Access-Server' => $this->uuid,
'X-Access-Token' => ($user) ? $user->daemonToken($this) : $this->daemonSecret,
];
}
/**
* Return an instance of the Guzzle client for this specific server using defined access token.
*
* @param Pterodactyl\Models\User|null $user
* @return \GuzzleHttp\Client
*/
public function guzzleClient(User $user = null)
{
return $this->node->guzzleClient($this->guzzleHeaders($user));
}
/**
* Returns javascript object to be embedded on server view pages with relevant information.
*
* @param array|null $additional
* @param array|null $overwrite
* @return \Laracasts\Utilities\JavaScript\JavaScriptFacade
*/
public function js($additional = null, $overwrite = null)
{
$response = [
'server' => collect($this->makeVisible('daemonSecret'))->only([
'uuid',
'uuidShort',
'daemonSecret',
'username',
]),
'node' => collect($this->node)->only([
'fqdn',
'scheme',
'daemonListen',
]),
];
if (is_array($additional)) {
$response = array_merge($response, $additional);
}
if (is_array($overwrite)) {
$response = $overwrite;
}
return Javascript::put($response);
}
/**
* Return the columns available for this table.
*
@ -358,12 +252,11 @@ class Server extends Model implements CleansAttributes, ValidableContract
/**
* Gets information for the tasks associated with this server.
*
* @TODO adjust server column in tasks to be server_id
* @return \Illuminate\Database\Eloquent\Relations\HasMany
*/
public function tasks()
public function schedule()
{
return $this->hasMany(Task::class);
return $this->hasMany(Schedule::class);
}
/**
@ -377,12 +270,34 @@ class Server extends Model implements CleansAttributes, ValidableContract
}
/**
* Gets the location of the server.
* Returns the location that a server belongs to.
*
* @return \Illuminate\Database\Eloquent\Relations\BelongsTo
* @return \Znck\Eloquent\Relations\BelongsToThrough
*
* @throws \Exception
*/
public function location()
{
return $this->node->location();
return $this->belongsToThrough(Location::class, Node::class);
}
/**
* Return the key belonging to the server owner.
*
* @return \Illuminate\Database\Eloquent\Relations\HasOne
*/
public function ownerKey()
{
return $this->hasOne(DaemonKey::class, 'user_id', 'owner_id');
}
/**
* Returns all of the daemon keys belonging to this server.
*
* @return \Illuminate\Database\Eloquent\Relations\HasMany
*/
public function keys()
{
return $this->hasMany(DaemonKey::class);
}
}
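Review bot: `ownerKey()` in the last hunk joins only on the user: `hasOne(DaemonKey::class, 'user_id', 'owner_id')` selects a `daemon_keys` row whose `user_id` equals this server's `owner_id`, with no condition on `server_id`. If an owner holds keys for more than one server, the relation can return a key issued for a different server, and which row comes back is not defined. Keying the relation on the server and filtering by owner avoids that, e.g. `return $this->hasOne(DaemonKey::class)->where('daemon_keys.user_id', $this->owner_id);`, with the caveat that `$this->owner_id` is not populated when the relation is eager-loaded, so it should be documented as lazy-load only or replaced by an explicit lookup. The `Server` class body starts outside the visible hunks.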


@ -42,13 +42,6 @@ class Subuser extends Model implements CleansAttributes, ValidableContract
*/
protected $table = 'subusers';
/**
* The attributes excluded from the model's JSON form.
*
* @var array
*/
protected $hidden = ['daemonSecret'];
/**
* Fields that are not mass assignable.
*
@ -72,7 +65,6 @@ class Subuser extends Model implements CleansAttributes, ValidableContract
protected static $applicationRules = [
'user_id' => 'required',
'server_id' => 'required',
'daemonSecret' => 'required',
];
/**
@ -81,7 +73,6 @@ class Subuser extends Model implements CleansAttributes, ValidableContract
protected static $dataIntegrityRules = [
'user_id' => 'numeric|exists:users,id',
'server_id' => 'numeric|exists:servers,id',
'daemonSecret' => 'string',
];
/**